phpCommunityCalendar calYearlyP.php font Variable XSS

Description

Vulnerability Description

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calYearlyP.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calYearlyP.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018